Go download!
The changes:
- Fixed empty element “bug” (a <b/> causes the rest of the page to be bold cross-browser, wtf? more on this later)
- Fixed some bugs handling CSS colors, fonts and margins (negative margins not allowed and colors are now c14nized – thx to Jason Li and designbistro)
- Added a usable pom.xml (thx to fernman)
- Fixed a bunch of CSS policy file functional problems (thx to Jerry Hoff who is also working hard getting the .NET version to 1.0)
- Added demo WAR to the downloads
- Numerous other little bug fixes
The test cases all pass except one. The one that fails is caused by a problem in NekoHTML, the HTML parsing engine on top of which AntiSamy sits. As you can see here, I provided him a working patch, test case, and justification. I’ve been watching their source tree closely and I don’t see any movement on this particular issue. However, as a group we decided to just live with it until they fix it, and to no longer try to maintain a forked version of their library. I trust that they’ll eventually fix it, and you can still use my patch to fix your own version if that’s unacceptable.
Here’s what’s on the roadmap for 1.4:
- full Maven support
- SAX parser (should increase speed by ~50%)
- programmatic access to the Policy object with guaranteed thread safety
As always, if you have issues, questions, or feedback, drop us a line on the Google Code issue tracker or the OWASP AntiSamy mailing list.
Thanks to all the people who submitted issues, patches and feedback. You guys are awesome.